En:2FactorAuthentication

Aus Winestro.Cloud Handbuch
Zur Navigation springen Zur Suche springen


So finden Sie diese Seite:
System icon.png
Einstellungen
Zugang

Two-factor authentication (2FA) adds an extra layer of security to your Winestro.Cloud access. This ensures that your account is even better protected against unauthorized access, even in situations where, for example, you lose a PC/laptop or someone gains control of your PC (e.g., through remote maintenance, theft, or a virus). Your data remains protected even if you save your password and login details on a publicly accessible computer.

What is 2FA?

Input window after login

Normally, you use just one factor (email + password) to log into online accounts. However, this has disadvantages, such as:

  • Storing passwords in browsers
  • Sharing login credentials with others
  • Simple or commonly used passwords

For highly important infrastructures (such as online banking), a second factor is already used (e.g., TAN lists or chip- or SMS-TAN) to protect specific transactions. Since Winestro.Cloud does not require transaction-specific passwords (TANs), we use the OTP protocol, which works as follows:


2fa.JPG

Your smartphone serves as the second factor with an internal key. Only someone with an authorized smartphone (1st factor) and your login credentials (2nd factor) can log in. Since each 2FA code is only valid for 30 seconds, even if an attacker gains access to your login details and a code via remote maintenance, theft, or public Wi-Fi, it won’t be useful unless they also steal your smartphone at the same time.

How do I set it up?

  • In Winestro.Cloud, go to System / Settings / Access and click "Activate" under 2FA.
  • You will be prompted to scan a QR code using a 2FA app.
  • Open your 2FA app and scan the code.
  • In your app, click on "Winestro.Cloud.
  • Enter the code into Winestro.Cloud within 30 seconds.
  • From your next login onwards, you will be asked to enter a code.

Renewing the code

It’s recommended that you renew your 2FA code at least once a year. To do this, follow the same steps as above: simply delete the current code and authorize your smartphone again.

Important: As soon as you generate a new 2FA code, the old one automatically becomes invalid. 
Therefore, always use the display function only to authorize new smartphones.

Which apps are supported?

Many apps support the OTP protocol. Here are a few that we know work:

  • FreeOtp

https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=de

https://itunes.apple.com/de/app/freeotp-authenticator/id872559395?mt=8

  • Google Authenticator

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=de

https://itunes.apple.com/de/app/google-authenticator/id388497605?mt=8

Setting up Employee Access

Displaying and Deactivating an Employee's Factor

Employees use the same factor as the main account unless they have set up their own second factor. Scan the QR code with the corresponding employee’s device (you can display it again if needed). After that, the employee can also use the access. Once you activate 2FA, ALL accounts, including employees, accountants, or your main account, are bound to it.

Setting up Individual 2FA for Employees

It is advisable to set up individual 2FA for employees, as it is more secure and can be easily deactivated if necessary. You can do this in the employee's profile or customer card at the top (see image).

Frequently Asked Questions

The code is constantly invalid!

Please check if your device's time matches the time on Winestro.Cloud. Set your smartphone's time to "automatic" and avoid manually setting it.

What do I do if my smartphone is broken or lost?

First, the good news: No one can do anything with just your smartphone!

Please send us an email from the address you use to log into Winestro.Cloud. After a brief phone verification, we will reactivate your access. We appreciate your understanding that this can only be done during normal business hours and, for security reasons, not through the forum.